如何根据用户角色编写重定向？

Question

I'm having an issue with writing a redirect based on whether or not the current user's role matches the one listed or not

I've been trying to find solutions related to getting the current path for Drupal 8. I'm not sure if that is one of the issues or not.

class FacultyStaffRedirectSubscriber implements EventSubscriberInterface {


  public function checkForRedirection(GetResponseEvent $event) {
    $request = \Drupal::request();
    $requestUrl = \Drupal::service('path.current')->getPath();
    $current_user = \Drupal::currentUser();
    $roles = $current_user->getRoles();

    if ($requestUrl == '/faculty-staff') {
        if (
          !in_array('faculty', $roles) ||
          !in_array('staff', $roles)
        ) {

            $path =  '/404'; // \Drupal::service('path.alias_manager')->getAliasByPath('/404')
        $response = new RedirectResponse($path);
        $response->send();
        return;
          /* $event->setResponse(new RedirectResponse($path, 302)); */
            }
    }
  }
 public static function getSubscribedEvents() {
    $events[KernelEvents::REQUEST][] = array('checkForRedirection');
    return $events;
  }

} 

What I'm wanting is to redirect a user to 404 if they attempt to access the path without having the proper role assigned to them. Currently, nothing happens at all and logged in users can see the page.

Answer 1

If I got this correctly, you would like to return 404 or 403 error if user does not have permission to see the page. There is lot of options to do this. I am listing just few.

Among contributed modules I usually use permission by term . You can simply add term field to your content, set role permissions per term and you are ready to go (check their docs and tutorials for more info). For more complex structures there are organic groups but usually this is overkill for most cases (but it is very cool module doe). There is a lot of other modules like:

• https://www.drupal.org/project/protected_pages
• https://www.drupal.org/project/node_view_permissions
• https://www.drupal.org/project/vppr
• https://www.drupal.org/project/tac_lite
• https://www.drupal.org/project/nodeaccess
• https://www.drupal.org/project/protected_pages
• ...

For custom routes you can simply determine permission for access and give that permission to proper role:

e_index.content:
  path: '/your/path'
  defaults:
    _title: 'Title'
  requirements:
    _permission: 'your permission'

You can use hook_node_access() or hook_entity_access() if your path is representing an entity.

/**
 * Implements hook_node_access().
 */
function yourmodule_node_access(\Drupal\node\NodeInterface $node, $op, \Drupal\Core\Session\AccountInterface $account) {

  if ($your_condition) {
    ...
    $access_value = TRUE/FALSE;
  }

  if ($access_value === TRUE) {
    $access = new AccessResultAllowed();
  } elseif ($access_value === FALSE) {
    $access = new AccessResultForbidden();
  } else {
    $access = new AccessResultNeutral();
  }

  $access->addCacheableDependency($node);
  return $access;
}

Or you can simply throw Symfony exception:

use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class MyClass {

  public fucntion myMethod() {
    throw new AccessDeniedHttpException();
    // or
    throw new NotFoundHttpException();
  } 
}